untrusted connection

14 January 2018

Redmine with Passenger and Nginx on Ubuntu 16.04

Just in time for Ubuntu 18, here are Ubuntu 16 instructions for getting Redmine up and running. Though better than on Ubuntu 14, this is still a maze of twisty little passages, all alike. Here are flexible instructions to get an up to date, robust, secure installation going.

Ubuntu 16.04 LTS - a mature Ubuntu version with long term support

MySQL - the database

Ruby - the technology on which Redmine runs, installed using RVM to manage the ruby version and have access to up to date components

Phusion Passenger- the application server in which to run Redmine

Nginx - the web server within which Redmine runs

MySQL Configuration

Install MySQL. For this step, relying on the Ubuntu packages is fine.

sudo apt-get install -y mysql-server libmysqlclient-dev

Connect to the mysql service (mysql -p) and create the database and provide access to the redmine user:

mysql -p -u rootCREATE DATABASE redmine CHARACTER SET utf8;CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'yourpassword';GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';

If this is just a test system, move onto the Ruby Installation section.

For production systems, a separate data disk should be used rather that storing data on the same partition as the root system. Stop the service and then migrate the data directory.

To really geek out, this bug has one of the more sad but funny threads I've read in a long time. They eventually get to the right conclusion and open twobugs, but getting there is a journey. We will patch it ourselves, because the bugs haven't been actually fixed in the Ubuntu release. To update AppArmor:

sudo vim /etc/apparmor.d/usr.sbin.mysqld

In the "Allow system resource access" section add the following to fix the bug(s):

/sys/devices/system/node/ r,/sys/devices/system/node/** r,/proc/** r,

And under the "Allow data dir access" section change the entries from /var/lib/mysql/ to the new directory, /data/mysql/.

The system should start without error if everything has been done correctly. Run the following command to ensure everything looks okay:

mysql -p -u redmine

Ruby Installation

Many methods exist to install Ruby. Unfortunately, the most convenient using apt-get will leave the system many versions behind, which means many plugins for redmine, and parts of redmine itself, will be unsupported. RVM is a tried and true method to provide clean management of ruby versions.

Note: once setup, each user of rvm needs to be added to the rvm group.

sudo usermod -a -G rvm username

Phusion Passenger Installation

Again,many options exist for application containers. Phusion has a Passenger-Nginx combo that is straight-forward to install and configure. It does not need to be done as root. Details of this installation can be found on the Phusion site.

Then to prevent a mess of 404 errors, comment out the location entry. Missing this step results in a special level of redmine 404 hell.

#location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. #try_files $uri $uri/ =404; #}

No need to restart nginx just yet. The system is almost ready for redmine installation.

Create the redmine account

Before doing too much with ruby, create a redmine service account. Note: Ideally the home directory is located where redmine is going to be installed - for production systems this should be on a separate partition.

Welcome to dependency-o-rama

The ruby add-on dependencies next depends (ha ha get it?) on various ruby pieces needed to install ruby components. A minimal list will look something like this:

sudo apt-get install -y build-essential imagemagick libmagickwand-dev

Redmine, remember this was the main point of the article?

Whew. Like a hero that doesn't show up until the third reel of a movie, redmine is finally on the scene. Yes, this is just like Batman vs Superman. There is a lot of build up to the main event, and when you get there it is anticlimactic.

Links of interest

General Redmine installation Always a good place to review the latest information on generic Redmine installations.https://www.redmine.org/projects/redmine/wiki/RedmineInstallUsing Google Authentication If using Google Apps or Google Auth is of interest with Redmine, a longstanding plugin has been brought back to life with a patch.